Here you will find information about security issues of Ruby.
Reporting Security Vulnerabilities
Security vulnerabilities should be reported via an email to security@ruby-lang.org, which is a private mailing list. Reported problems will be published after fixes.
Known issues
Here are recent issues.
- DoS vulnerability in REXML published at 23 Aug, 2008
- Multiple vulnerabilities in Ruby published at 8 Aug, 2008
- Arbitrary code execution vulnerabilities published at 20 Jun, 2008
- File access vulnerability of WEBrick published at 3 Mar, 2008
- Net::HTTPS Vulnerability published at 4 Oct, 2007
- Another DoS Vulnerability in CGI Library published at 4 Dec, 2006.
- DoS Vulnerability in CGI Library published at 3 Nov, 2006
- Ruby vulnerability in the safe level settings published at 2 Oct, 2005